Jenkins X Security

The Jenkins X project takes security seriously. We make every possible effort to ensure users can adequately secure their automation infrastructure. To that end, we work with Jenkins X platform and app developers, as well as security researchers, to fix security vulnerabilities in Jenkins X in a timely manner, and to improve the security of Jenkins X in general.

How to Report a Security Vulnerability

If you find a vulnerability in Jenkins X, please report it by sending an email to the SECURITY maintainer mailing list. Please do not report security issues in the github tracker.

By restricting access to this potentially sensitive information, we can work on a fix and deliver it before the method of attack becomes well-known.

Vulnerabilities in Apps

Whilst the Jenkins X team is not responsible for the quality of third party apps, please still use the above reporting mechanism and we will co-ordinate with the app developer to ensure a fix in a secure maner.

Last modified July 13, 2022: fix: security incidence report (46f1e38c63)